up to 2.6.32.63, use .xz patch
[packages/kernel.git] / kernel-grsec_fixes.patch
index 74384e27f3eee056f72d4422dd4e66ede788d81a..12fe2311effc6d533f1b7029cf130c258cfbfce6 100644 (file)
@@ -25,7 +25,7 @@ diff -upr a/grsecurity/gracl_cap.c c/grsecurity/gracl_cap.c
 +}
 --- a/grsecurity/grsec_sock.c  2008-03-24 00:24:22.482633101 +0100
 +++ c/grsecurity/grsec_sock.c  2008-03-24 00:27:01.971671763 +0100
-@@ -247,23 +247,26 @@
+@@ -247,25 +247,26 @@
  gr_cap_rtnetlink(struct sock *sock)
  {
  #ifdef CONFIG_GRKERNSEC
@@ -45,7 +45,9 @@ diff -upr a/grsecurity/gracl_cap.c c/grsecurity/gracl_cap.c
 -               gr_is_capable(CAP_AUDIT_CONTROL))
 -              return current_cap();
 -      else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
--               gr_is_capable(CAP_NET_ADMIN))
+-               ((sock->sk_protocol == NETLINK_ROUTE) ? 
+-                gr_is_capable_nolog(CAP_NET_ADMIN) : 
+-                gr_is_capable(CAP_NET_ADMIN)))
 -              return current_cap();
 -      else
 -              return __cap_empty_set;
@@ -71,9 +73,9 @@ diff -upr a/include/linux/grsecurity.h c/include/linux/grsecurity.h
 --- a/include/linux/grsecurity.h       2007-12-01 00:54:57.224769000 +0000
 +++ c/include/linux/grsecurity.h       2007-12-01 01:09:34.923621750 +0000
 @@ -76,6 +76,7 @@ void gr_log_semrm(const uid_t uid, const
- void gr_log_shmget(const int err, const int shmflg, const size_t size);
- void gr_log_shmrm(const uid_t uid, const uid_t cuid);
  void gr_log_textrel(struct vm_area_struct *vma);
+ void gr_log_rwxmmap(struct file *file);
+ void gr_log_rwxmprotect(struct file *file);
 +void gr_log_cap_pid(const int cap, pid_t pid);
  
  int gr_handle_follow_link(const struct inode *parent,
@@ -135,3 +137,16 @@ diff -upr a/security/commoncap.c c/security/commoncap.c
                write_unlock(&fs_vxi->lock);
        }
  
+--- linux-2.6.28/fs/proc/Kconfig~       2008-11-20 23:26:34.000000000 +0100
++++ linux-2.6.28/fs/proc/Kconfig        2008-12-01 20:37:12.000000000 +0100
+@@ -59,8 +59,8 @@
+         limited in memory.
+ config PROC_PAGE_MONITOR
+-      default n
+-      depends on PROC_FS && MMU && !GRKERNSEC
++      default y
++      depends on PROC_FS && MMU
+       bool "Enable /proc page monitoring" if EMBEDDED
+       help
+         Various /proc files exist to monitor process memory utilization:
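Review bot: The appended fs/proc/Kconfig section changes PROC_PAGE_MONITOR to `default y` and drops `&& !GRKERNSEC` from its `depends on` line, which appears to undo a restriction the grsecurity patch set applies on purpose, and nothing in the patch or the commit title gives a reason. The /proc memory-utilization files that the help text refers to expose per-process mapping and page details, so enabling them by default on a GRKERNSEC kernel weakens the memory-layout secrecy that the hardening relies on. If the aim is only to let a specific tool work, keeping `default n` while relaxing the dependency to `depends on PROC_FS && MMU` would make this an explicit opt-in for hardened builds. A short free-text line above the `--- linux-2.6.28/fs/proc/Kconfig~` header stating why the option is re-enabled would also help whoever next rebases kernel-grsec_fixes.patch.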